Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.0:Ports
atftp
atftp-drop_privileges_non-daemon.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File atftp-drop_privileges_non-daemon.patch of Package atftp
Index: atftp-0.7/tftpd.c =================================================================== --- atftp-0.7.orig/tftpd.c 2016-12-06 13:41:15.955496990 +0100 +++ atftp-0.7/tftpd.c 2016-12-06 14:55:23.573139906 +0100 @@ -95,8 +95,8 @@ int deny_severity = LOG_NOTICE; #endif /* user ID and group ID when running as a daemon */ -char user_name[MAXLEN] = "nobody"; -char group_name[MAXLEN] = "nogroup"; +char user_name[MAXLEN] = "tftp"; +char group_name[MAXLEN] = "tftp"; /* For special uses, disable source port checking */ int source_port_checking = 1; @@ -274,33 +274,47 @@ int main(int argc, char **argv) dup2(sockfd, 0); close(sockfd); - /* release priviliedge */ - user = getpwnam(user_name); - group = getgrnam(group_name); - if (!user || !group) - { - logger(LOG_ERR, - "atftpd: can't change identity to %s.%s, exiting.", - user_name, group_name); - exit(1); - } + } - /* write our pid in the specified file before changing user*/ - if (pidfile) - { - if (tftpd_pid_file(pidfile, 1) != OK) - exit(1); - /* to be able to remove it later */ - chown(pidfile, user->pw_uid, group->gr_gid); - } + /* release privilege */ + user = getpwnam(user_name); + group = getgrnam(group_name); + if (!user || !group) + { + logger(LOG_ERR, + "atftpd: can't change identity to %s.%s, exiting.", + user_name, group_name); + exit(1); + } - setgid(group->gr_gid); - setuid(user->pw_uid); + /* write our pid in the specified file before changing user*/ + if (pidfile) + { + if (tftpd_pid_file(pidfile, 1) != OK) + exit(1); + /* to be able to remove it later */ + chown(pidfile, user->pw_uid, group->gr_gid); + } - /* Reopen log file now that we changed user, and that we've - * open and dup2 the socket. */ - open_logger("atftpd", log_file, logging_level); + if(setgid(group->gr_gid)) + { + logger(LOG_ERR, "atftpd: can't switch group to %s, exiting.", group_name); + exit(1); + } + if (setgroups(0, NULL)) + { + logger(LOG_ERR, "atftpd: can't clear supplementary group list"); + exit(1); } + if(setuid(user->pw_uid)) + { + logger(LOG_ERR, "atftpd: can't switch user to %s, exiting.", user_name); + exit(1); + } + + /* Reopen log file now that we changed user, and that we've + * open and dup2 the socket. */ + open_logger("atftpd", log_file, logging_level); /* We need to retieve some information from incomming packets */ if (setsockopt(0, SOL_IP, IP_PKTINFO, &one, sizeof(one)) != 0)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor